Stuxnet and Duqu Redux: Flame Malware Found in Iran

Jeff James

Wed, 2012-05-30 13:49

The internet has been buzzing the last few days over a new strain of malware dubbed 'Flame' (alternatively called 'SkyWiper' by some security experts) that has been found on hundreds of PCs in the Middle East, primarily in Iran. While the eventual scope of the Flame attack is still a bit unclear, many security researchers who have analyzed the malware believe that it is connected to -- or possibly produced by -- the creators of the Stuxnet and Duqu malware variants.

It's important to note that only a few hundred machines have been affected by the malware, but the complexity and the targeted nature of Flame have led many experts to believe that it is yet another example of state-developed cyber-warfare. In a blog post on the Kaspersky Lab Securelist website, security researcher Alexander Gostev explains the similarities between Flame, Stuxnet, and Duqu:

"Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seems to put it alongside those familiar ‘super-weapons’ currently deployed in the Middle East by unknown perpetrators. Flame can easily be described as one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyber-warfare and cyber-espionage."

Gostev has also posted a more detailed analysis of the Flame malware and how to defend PCs against it, but it's not clear if Flame poses a threat to PCs outside of the existing regions where the malware has been found.

A visual depicting where Flame infections have been found (as of late May 2012). Source: Kaspersky Lab.

I've written about Stuxnet and Duqu in the past, and Flame seems to indicate that cyberwarfare and cyber-espionage conducted between nation-states is an increasingly common occurrence. Microsoft Technical Fellow Mark Russinovich has written about this bleak future in his novel Zero Day, and it's clear now that what was once thought of as science fiction is quickly becoming a reality.

So what do you think about the progression we've seen from Stuxnet, Duqu, and Flame? Share your thoughts by adding a comment to this blog post or contributing to the discussion on Twitter.